Re: [jose] Header criticality -- hidden consensus?

"Vladimir Dzhuvinov / NimbusDS" <vladimir@nimbusds.com> Sat, 09 February 2013 06:35 UTC

From: "Vladimir Dzhuvinov / NimbusDS" <vladimir@nimbusds.com>
To: "Richard Barnes" <rlb@ipv.sx>, "jose@ietf.org" <jose@ietf.org>
Date: Fri, 08 Feb 2013 23:35:01 -0700

Hi Richard,

I understand your concern. With a bit of interface engineering we
managed to have this requirement covered at library level, by allowing
client apps to specify additional accepted parameters. If the JOSE
library encounters a header with an unexpected name, it will mark the
message as bad on the spot, so it won't be passed on to the app code at
all.

You can take a look at the interface Javadocs here:

http://nimbusds.com/files/jose-jwt/javadoc/com/nimbusds/jose/HeaderFilter.html

And the actual code at the Git repo:

https://bitbucket.org/nimbusds/nimbus-jose-jwt/src/bef49c225aae194b6c40a376aee36b9af37a5da6/src/main/java/com/nimbusds/jose/HeaderFilter.java?at=master



What's more, this interface allows even certain standard headers from
the JWS/JWE spec to not be denied (say if the client app doesn't want to
accept X509 cert URLs, etc).


I hope this helps,

Vladimir


--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com




-------- Original Message --------
Subject: [jose] Header criticality -- hidden consensus?
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, February 08, 2013 11:11 pm
To: "jose@ietf.org" <jose@ietf.org>

We're 24 votes into the header criticality poll, so I thought I would go
ahead and take a look at how the results are shaping up.  My initial
tabulation is below.  The result on the FIRST POLL (the main one) is as
follows: 

No: 10
Yes: 14


What I find striking, however, is that every single person that voted
"Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL.  So nobody
who thinks that all headers should be critical thinks that a JOSE
library should actually be required to enforce this constraint.  And
that means that enforcing that all headers are supported cannot be a
MUST according to RFC 2119.


So I wonder if there's consensus to remove the following text from JWE
and JWS:
-----BEGIN-JWE-----
   4.   The resulting JWE Header MUST be validated to only include
        parameters and values whose syntax and semantics are both
        understood and supported.

-----END-JWE-----
-----BEGIN-JWS-----
   4.  The resulting JWS Header MUST be validated to only include
       parameters and values whose syntax and semantics are both
       understood and supported.

-----END-JWS-----


Otherwise, a JOSE library conforming to these specifications would be
REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains
an unknown header, contradicting all those "Yes" votes on the SECOND
POLL.


--Richard






-----BEGIN-Tabulation-----
1       2       3    Name:           
N       -       -    Bradley         
N       -       -    Ito             
N       N       A    Yee             
N       N       B    Barnes          
N       N       B    Rescorla        
N       N       C    Manger          
N       N       C    Octman          
N       Y       A    Fletcher        
N       Y       A    Miller          
N       Y       A    Sakimura        
Y       Y       -    D'Agostino      
Y       Y       A    Biering         
Y       Y       A    Brault          
Y       Y       A    Hedberg         
Y       Y       A    Jay             
Y       Y       A    Jones           
Y       Y       A    Marais          
Y       Y       A    Nadalin         
Y       Y       A    Nara            
Y       Y       A    Nennker         
Y       Y       A    Solberg         
Y       Y       B    Hardt           
Y       Y       B    Medeiros        
Y       Y       C    Matake          
Y       Y       C    Mishra    

-----END-Tabulation-----
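
The library-level check described in the reply above (an accepted-name set that client apps can extend or narrow, with the message rejected before it reaches app code), as an added Python sketch. It is not the Nimbus HeaderFilter code and not from either author; `filter_header`, `extra_accepted`, `denied`, `DEFAULT_ACCEPTED`, the duplicate-name check and the sample messages are assumptions constructed for illustration.

```python
import base64
import json

# Names this sketch treats as "understood" by default: a constructed subset
# of the JWS header parameters, not the Nimbus library's actual list.
DEFAULT_ACCEPTED = frozenset({"alg", "typ", "cty", "kid", "jku", "jwk", "x5u", "x5t", "x5c"})


class HeaderRejected(ValueError):
    """The message is marked bad before it reaches signature or app code."""


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _no_duplicates(pairs):
    # JSON parsers normally keep the last duplicate silently; refuse instead.
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise HeaderRejected("duplicate header parameter name")
    return dict(pairs)


def filter_header(compact: str, extra_accepted=(), denied=()) -> dict:
    """Return the parsed header of a compact JWS, or raise HeaderRejected."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise HeaderRejected("expected three dot-separated parts")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded), object_pairs_hook=_no_duplicates)
    except HeaderRejected:
        raise
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise HeaderRejected("malformed header") from exc
    if not isinstance(header, dict):
        raise HeaderRejected("header is not a JSON object")
    accepted = (DEFAULT_ACCEPTED | set(extra_accepted)) - set(denied)
    unexpected = sorted(set(header) - accepted)
    if unexpected:
        raise HeaderRejected("unaccepted header parameter(s): " + ", ".join(unexpected))
    return header


def make_compact(header_json: str) -> str:
    # Constructed sample message; payload and signature are placeholders.
    return ".".join([b64url(header_json.encode()), b64url(b'{"sub":"demo"}'), b64url(b"sig")])
```

The filter runs on the header alone, so a rejected message never reaches signature verification or application code.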
